CN114642015A - Wearable secure data device - Google Patents


Info

Publication number
CN114642015A
Authority
CN
China
Prior art keywords
secure data
computer
wearable
data item
security
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Pending
Application number
CN202080077356.9A
Other languages
Chinese (zh)
Inventor
D·维尔马
高凤晙
S·达贾瓦德
N·德塞
M·斯瑞瓦塔萨
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
International Business Machines Corp
Original Assignee
International Business Machines Corp
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by International Business Machines Corp

Classifications

    • G06F21/604 Tools and structures for managing or administering access control systems
    • G06F1/163 Wearable computers, e.g. on a belt
    • G06F21/32 User authentication using biometric data, e.g. fingerprints, iris scans or voiceprints
    • G06F21/64 Protecting data integrity, e.g. using checksums, certificates or signatures
    • G06F3/014 Hand-worn input/output arrangements, e.g. data gloves
    • G06Q20/321 Payment architectures, schemes or protocols characterised by the use of specific devices or networks using wireless devices using wearable devices
    • G07C9/00309 Electronically operated locks; Circuits therefor; Nonmechanical keys therefor, e.g. passive or active electrical keys or other data carriers without mechanical keys operated with bidirectional data transmission between data carrier and locks
    • G07C9/00571 Electronically operated locks; Circuits therefor; Nonmechanical keys therefor, e.g. passive or active electrical keys or other data carriers without mechanical keys operated by interacting with a central unit
    • G07C9/00912 Electronically operated locks; Circuits therefor; Nonmechanical keys therefor, e.g. passive or active electrical keys or other data carriers without mechanical keys specially adapted for particular uses for safes, strong-rooms, vaults or the like
    • G07C9/257 Individual registration on entry or exit involving the use of a pass in combination with an identity check of the pass holder using biometric data, e.g. fingerprints, iris scans or voice recognition electronically
    • G07G1/0009 Details of the software in the checkout register, electronic cash register [ECR] or point of sale terminal [POS]
    • H04L67/53 Network services using third party service providers

Abstract

A method for a wearable secure data device is disclosed. The method comprises setting an operational mode of the wearable secure data device for storing a plurality of secure data items. The method also includes receiving a request for at least one secure data item from a client device in communication with a third party device. Further, the method includes determining whether the mode of operation is associated with allowing access to the secure data item. Further, the method includes providing a response based on the determination.

Description

Wearable secure data device
Technical Field
The present disclosure relates to secure data, and more particularly to wearable secure data devices.
Background
Today, people exchange relatively large amounts of data with different entities over the internet, and much of this data is private or sensitive. However, the security of data on the internet is often left to the security of the client device (e.g., a phone). Alternatively, the security of the data may be entrusted to websites that store such data on their own servers. Therefore, there is a need to solve the above problems.
Disclosure of Invention
Viewed from a first aspect, the present invention provides a computer-implemented method comprising: setting an operating mode of a secure data device for storing a plurality of secure data items; receiving a request for at least one of the secure data items from a client device in communication with a third party device; determining whether the mode of operation is associated with allowing access to the secure data item; and providing a response based on the determination.
Viewed from a further aspect the present invention provides a computer program product comprising program instructions stored on a computer readable storage medium, wherein said computer readable storage medium is not a transitory signal per se, said program instructions being executable by a processor to cause said processor to perform a method comprising: setting an operating mode of a secure data device for storing a plurality of secure data items; receiving a request for at least one of the secure data items from a client device in communication with a third party device; determining whether the mode of operation is associated with allowing access to the secure data item; providing a response based on the determination, wherein: the mode of operation is associated with allowing access to the secure data item; and providing the response comprises: retrieving the at least one secure data item from a secure storage device of the secure data device; decrypting the at least one secure data item; and generating a response including the at least one secure data item.
Viewed from another aspect, the present invention provides a system comprising: a communication interface; a security sensor; computer processing circuitry; a portable housing enclosing the communication interface, the security sensor, and at least a portion of the computer processing circuitry; and a computer-readable storage medium storing instructions that, when executed by the computer processing circuitry, are configured to cause the computer processing circuitry to perform a method comprising: setting an operating mode of a secure data device for storing a plurality of secure data items; receiving a request for at least one of the secure data items from a client device in communication with a third party device; determining whether the mode of operation is associated with allowing access to the secure data item; and providing a response based on the determination, wherein: the mode of operation is not associated with allowing access to the secure data item; and providing the response comprises generating a closed response that does not include the at least one secure data item.
Viewed from a further aspect the present invention provides a computer program product for a secure data device, the computer program product comprising a computer readable storage medium readable by a processing circuit and storing instructions for execution by the processing circuit for performing a method for performing the steps of the present invention.
Viewed from another aspect, the present invention provides a computer program stored on a computer readable medium and loadable into the internal memory of a digital computer, comprising software code portions, when said program is run on a computer, for performing the steps of the invention.
Embodiments of a method for a wearable secure data device are disclosed. The method includes setting an operational mode of the wearable secure data device for storing a plurality of secure data items. The method also includes receiving a request for at least one secure data item from a client device in communication with the third party device. Further, the method includes determining whether the mode of operation is associated with allowing access to the secure data item. Further, the method includes providing a response based on the determination.
Further aspects of the disclosure relate to systems and computer program products having functionality similar to that described above with respect to computer-implemented methods. This summary is not intended to illustrate each aspect, every implementation, and/or every embodiment of the present disclosure.
Drawings
The accompanying drawings, which are incorporated in and form a part of the specification, are included to provide a further understanding of the invention. They illustrate embodiments of the disclosure and, together with the description, serve to explain the principles of the disclosure. The drawings illustrate only certain embodiments and are not to be construed as limiting the disclosure.
Fig. 1 is a block diagram of a system for protecting data according to some embodiments of the present disclosure.
Fig. 2 is a block diagram of an example wearable secure data device, in accordance with some embodiments of the present disclosure.
Fig. 3 is a block diagram of a network proxy system according to some embodiments of the present disclosure.
Fig. 4 is a block diagram of a client device plug-in system according to some embodiments of the present disclosure.
Fig. 5 is a process flow diagram of a method for a wearable secure data device, in accordance with some embodiments of the present disclosure.
Figs. 6A-6C are block diagrams of example wearable secure data devices, according to some embodiments of the present disclosure.
Fig. 7 is a block diagram of an example wearable secure data device, in accordance with some embodiments of the present disclosure.
While the disclosure is amenable to various modifications and alternative forms, specifics thereof have been shown by way of example in the drawings and will be described in detail. It should be understood, however, that the intention is not to limit the invention to the particular embodiments described. On the contrary, the intention is to cover all modifications, equivalents, and alternatives falling within the scope of the disclosure.
Detailed Description
Because the security of private and/or sensitive data may be left to client devices used to connect to the internet and service providers on the internet, vulnerabilities in such client devices and/or servers may result in exposure of the private and/or sensitive data. Private and/or sensitive data stored in the cloud may be vulnerable to attacks on the cloud. Further, trusting data to be secured on the client device depends on the security of the client device. The client device may be a mobile computing device, such as a smartphone or tablet. However, client devices may be multifunctional, which may make these devices vulnerable to network attacks. Thus, it is challenging to provide reliable security mechanisms to protect private and/or sensitive data in control of a user independent of the client device or service provider.
Accordingly, some embodiments of the present disclosure may provide a wearable secure data device that is a wearable secure vault for private and/or sensitive data. The wearable secure data device may store and maintain encrypted copies of private and/or sensitive data. Further, the wearer of the wearable secure data device may manually operate sensors on the wearable secure data device, for example, to release private and/or sensitive data when the wearer determines that the data may be safely released. Furthermore, the wearer may choose specifically which of the secure data to release.
Fig. 1 is a block diagram of a system 100 for protecting data according to some embodiments of the present disclosure. System 100 may include a network 102, a client device 104, a content server 106, and a wearable secure data device 108 that hosts secure data 110. Network 102 may be one or more computer communication networks including a Local Area Network (LAN) and a Wide Area Network (WAN). In some embodiments, network 102 includes the Internet. The network 102 may enable communication between the client device 104, the content server 106, and the wearable secure data device 108.
The client device 104 may be a computing device having a computer processor and memory, such as a laptop computer, a tablet computer, a smart watch, a smart speaker, a smart phone device, and so forth. Client device 104 may connect with network 102 to access content server 106 over the internet. The content servers 106 may include servers that provide different services, including web servers, streaming video, chat, email, and the like.
As previously described, the security of data may be entrusted to client devices 104 and/or content servers 106 that process personal data. In contrast, in some embodiments of the present disclosure, the wearable secure data device 108 may protect the secure data 110. Secure data 110 may include different types of personal and/or sensitive information including name, address, age, social security number, bank account number, credit card number, and the like. According to some embodiments of the present disclosure, the secure data 110 may be stored within the wearable secure data device 108. For example, the wearable secure data device 108 may utilize encryption to store the secure data 110.
Further, the wearable secure data device 108 may be a wearable computer containing, for example, a processor (not shown), a storage (not shown), sensors (e.g., security sensors) 112, and a network interface (not shown). The sensors 112 may be a physical interface of the wearable secure data device 108 that may be used to change the security mode of the wearable secure data device 108. Examples of sensors 112 include, but are not limited to, buttons, biometric scanners, touch sensors, switches, and microphones. In different modes, the wearable secure data device 108 may operate differently. For example, in a closed mode of operation, the wearable secure data device 108 may not reveal the secure data 110 to any other computing devices, including the client device 104 and the content server 106. Conversely, during an open mode of operation, the wearable secure data device 108 may expose certain data from the secure data 110 to other devices. According to some embodiments of the invention, the physical operation of the sensor 112 may change the mode of operation between open and closed. For example, pressing a button of the sensor 112 may cause the wearable secure data device 108 to transition from the open mode to the closed mode, and vice versa.
Further, the wearable secure data device 108 may be paired with a computer application (app) running on the client device 104. In this way, the operation of the wearable secure data device 108 may be defined. The app may enable the owner of the secure data 110 to configure the behavior of the wearable secure data device 108 to allow certain types of information (e.g., the spouse's birthday) to be revealed to a predetermined type of website (e.g., a bank or travel website). When in the open mode, the app may also define and enforce a permitted release of data for the wearable secure data device 108. More specifically, when the wearable secure data device 108 checks for communications from the client device 104 to other devices (such as the content server 106), the app may define the types of personal information that may be collected from the wearable secure data device 108.
According to some embodiments of the present disclosure, the wearable secure data device 108 may be a wearable garment, jewelry, or accessory that includes a processor and a secure data store. The wearable secure data device 108 may store and maintain an encrypted copy of the secure data 110. Further, a simple operation on an input of the wearable secure data device 108 (such as a button or sensor) may enable the wearable secure data device 108 to release the secure data 110 to an application on the client device 104 or to an external entity (such as the content server 106). In this way, the wearable secure data device 108 may provide control over the secure data 110 itself and over who gains access.
For example, the client device 104 may request a service from the content server 106, such as a streaming service for popular movies. However, as a condition for providing the service, the content server 106 may request information stored in the secure data 110, for example, a form of payment. Thus, in response to the pressing of a button on the wearable secure data device 108, the wearable secure data device 108 may read and decrypt the name, address, and credit card number from the secure data 110. Further, the wearable secure data device 108 may provide the requested data to the streaming video content server directly or indirectly (e.g., through the client device 104).
Fig. 2 is a block diagram of an example wearable secure data device 200, in accordance with some embodiments of the present disclosure. The wearable secure data device 200 may be similar to the wearable secure data device 108 described with respect to fig. 1. Referring back to fig. 2, the wearable secure data device 200 may be portable and small enough to be a wearable secure data vault. The wearable secure data device 200 includes a housing 202 for a flash drive 204, a processor 206, a security sensor 208, a network interface 210, a battery 212, and a connector 214. The flash drive 204 may be an electronic data storage device without moving parts. The flash drive 204 may be, for example, an integrated circuit memory chip. According to some embodiments of the present disclosure, the flash drive 204 may store encrypted data. The processor 206 may be computer processing circuitry configured to perform the techniques described herein. More specifically, the processor 206 may run software to encrypt and decrypt data on the flash drive 204. The security sensor 208 may be an operable physical interface that sends a configuration control request to the processor 206 to change the mode of operation. The network interface 210 may be a wireless computer communication network interface. According to some embodiments of the present disclosure, the network interface 210 may enable communication between the wearable secure data device 200 and an external client device (such as the client device 104 described with respect to fig. 1).
Referring back to fig. 2, a battery 212 may be coupled with the flash drive 204, the processor 206, the security sensor 208, and the network interface 210. In addition, battery 212 may be charged from an external power source through connector 214. The external power source may be, for example, a power outlet or a photovoltaic charging panel wired to the connector 214 (e.g., a micro-USB port). Thus, the flash drive 204, the processor 206, the security sensor 208, the network interface 210, the battery 212, and the connector 214 may be disposed within the housing 202 and on the housing 202 and electrically interconnected. Furthermore, the housing 202 may be incorporated into a wearable article (such as a ring, watch, bracelet, glove, etc.), enabling a user in possession of secure data 110 (described with respect to fig. 1) to wear the wearable secure data device 200. In this way, the wearable secure data device 200 may give such users physical control over the security of their secure data 110.
According to some embodiments of the present disclosure, the security sensor 208 may be a fingerprint scanner that scans the fingerprint of an authenticated user to place the wearable secure data device 200 in different operational modes. In the closed mode, the wearable secure data device 200 may protect the secure data 110 by not allowing access to the secure data 110. In other words, the request for secure data 110 is denied. In contrast, in the open mode of operation, the wearable secure data device 200 may allow the secure data 110 to be read according to a predetermined access control policy. Alternatively or additionally, the security sensor 208 may comprise a touch sensor that triggers a change to the mode of operation in response to a predetermined number of touches to the security sensor 208. Alternatively or additionally, the security sensor 208 may be a physical switch that may be moved to different positions for different modes. Alternatively or additionally, the security sensor 208 may include a small cross-over switch that may be configured for a number of possible combinations of operating modes. Alternatively or additionally, the security sensor 208 may be an audio microphone capable of triggering different modes of operation in response to predetermined spoken commands.
In some embodiments, the secure data 110 may be categorized based on data type, and privacy and/or sensitivity ratings. Thus, in such embodiments, control over the type and level of data to be released according to different modes of operation may be enforced through physical separation. For example, the locations in flash drive 204 where different types and levels of data are stored may be physically separate. Further, the communication circuits on which different types and levels of data are read and written may be physically separated. According to some embodiments of the present disclosure, control may be implemented by electrical and digital means, where digital logic circuits and gates are used to implement policies under which secure data 110 may be released.
Fig. 3 is a block diagram of a client device plug-in system 300 according to some embodiments of the present disclosure. The client device plug-in system 300 may include a client device 302, a wearable secure data device 304, and a network router 306. The client device 302, the wearable secure data device 304, and the network router 306 may be similar to the client device 402, the wearable secure data device 404, and the network router 406 described with respect to fig. 4.
Referring back to fig. 3, in the client device plug-in system 300, the client device 302 may include a computer application (app) 308, such as a driver or software development kit. The app 308 may make a request 310 for the secure data 110 to the wearable secure data device 304. The wearable secure data device 304 may be paired with the client device 302 such that the wearable secure data device 304 may provide a response 312 in response to the request 310. In the open mode of operation, the response 312 from the wearable secure data device 304 may include the requested information from the secure data 110 (described in relation to fig. 1). In the closed mode of operation, the wearable secure data device 304 may provide a closed response, e.g., provide response 312, but with a blank or zeroed value in place of the requested secure data. Alternatively, in the closed mode of operation, the wearable secure data device 304 may not generate the response 312. Thus, for example, the client device 302 may generate the request 314 for the content server 106 (described with respect to fig. 1) without the secure data 110 from the wearable secure data device 304. The client device 302 may send the request 314 for the content server 106 using the network router 306. Further, content server 106 can generate response 316 to network router 306, and network router 306 can provide response 316 to client device 302.
Because the wearable secure data device 304 is used as a client device plug-in rather than a network proxy, the wearable secure data device 304 cannot modify requests to external servers such as the content server 106. However, the wearable secure data device 304 may ensure that the request 314 does not include the secure data 110 stored in the wearable secure data device 304. Further, as a client device plug-in, the wearable secure data device 304 is unable to modify the response 316 from the content server 106. Thus, in the client device plug-in system 300, the wearable secure data device 304 is only able to protect the privacy of the secure data 110, not the client device 302.
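The request 310 / response 312 exchange described above can be sketched as follows. This is an added example, not code from the patent: the class and function names, the site categories and the sample values are assumptions, and decryption is left out, with a plain dictionary standing in for decrypted reads from secure storage.

```python
from dataclasses import dataclass
from enum import Enum


class Mode(Enum):
    CLOSED = "closed"
    OPEN = "open"


@dataclass(frozen=True)
class Request:
    """Request 310 from the paired app: the items wanted and the kind of site asking."""
    site_category: str      # hypothetical labels such as "streaming" or "travel"
    items: tuple


class SecureDataDevice:
    def __init__(self, store, policy):
        self._store = dict(store)       # stands in for decrypted reads from secure storage
        self._policy = {k: frozenset(v) for k, v in policy.items()}
        self.mode = Mode.CLOSED         # fail closed until the wearer acts on the sensor

    def sensor_event(self):
        """A physical sensor input (button press, fingerprint match) toggles the mode."""
        self.mode = Mode.OPEN if self.mode is Mode.CLOSED else Mode.CLOSED
        return self.mode

    def handle(self, request):
        """Build response 312: same keys as the request, blank values for anything withheld."""
        allowed = self._policy.get(request.site_category, frozenset())
        response = {}
        for name in request.items:
            release = (
                self.mode is Mode.OPEN      # the wearer has opened the device
                and name in allowed         # policy permits this item for this site type
                and name in self._store     # the item exists on the device
            )
            response[name] = self._store[name] if release else ""
        return response


def withheld(response):
    """Names the client asked for but did not receive."""
    return sorted(name for name, value in response.items() if value == "")


# Constructed sample data and policy, for illustration only.
SAMPLE_STORE = {
    "name": "Alex Example",
    "card_number": "0000-0000-0000-0000",
    "ssn": "000-00-0000",
}
SAMPLE_POLICY = {
    "streaming": {"name", "card_number"},
    "travel": {"name"},
}


def run_exchange():
    device = SecureDataDevice(SAMPLE_STORE, SAMPLE_POLICY)
    req = Request("streaming", ("name", "card_number", "ssn"))
    closed = device.handle(req)         # before the button press
    device.sensor_event()
    opened = device.handle(req)         # after the button press
    unknown = device.handle(Request("forum", ("name",)))   # no policy entry for this site type
    return closed, opened, unknown


if __name__ == "__main__":
    for label, resp in zip(("closed", "open", "unlisted site"), run_exchange()):
        print(label, resp, "withheld:", withheld(resp))
```

Because the closed response keeps the shape of the open one, the client app can build request 314 the same way in both modes and simply sends blanks when nothing was released.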
Fig. 4 is a block diagram of a network proxy system 400 according to some embodiments of the present disclosure. The network proxy system 400 may include a client device 402, a wearable secure data device 404, and a network router 406. The client device 402 may be similar to the client device 104 described with respect to fig. 1. The wearable secure data device 404 may be similar to the wearable secure data device 108 described with respect to fig. 1 and the wearable secure data device 200 described with respect to fig. 2. Referring back to fig. 4, network router 406 may be a computer communication device that physically routes data packets to a network. Thus, the client device 402 and the wearable secure data device 404 may be connected to the internet, for example, through the network router 406.
According to some embodiments of the present disclosure, the client device 402 may be used with the wearable secure data device 404 in one of two network topologies: network proxy, and client device plug-in. In the network proxy system 400, the wearable secure data device 404 uses its network interface to become a proxy for the client device 402. In other words, the wearable secure data device 404 may act as a Wi-Fi access point for the client device 402, thereby enabling the client device 402 to connect to the internet through the wearable secure data device 404. In this way, the wearable secure data device 404 may intercept the request 408-1 from the client device 402. Further, the wearable secure data device 404 may modify the request 408-1, e.g., replace personally identifiable information in the request 408-1 with some other type of information. Alternatively or additionally, the wearable secure data device 404 may add some additional information. Accordingly, the wearable secure data device 404 may forward the modified request 408-2 with the alternate and/or additional data. Similarly, the wearable secure data device 404 may intercept the response 410-1 from the network router 406. In some scenarios, for example, some websites may place a tracking tag within response 410-1. These tracking tags are capable of tracking the activity of the client device 402. In some cases, the tracking tag can include an image to be downloaded, or a cookie that identifies the client device 402 when repeatedly interacting. The wearable secure data device 404 may remove such tracking tags so that the privacy of the individual is better protected. Thus, for example, the wearable secure data device 404 may modify the response 410-1 from the website and generate a modified response 410-2. Further, the wearable secure data device 404 may send the modified response 410-2 to the client device 402.
Thus, in the network proxy system 400, the wearable secure data device 404 may protect the privacy of the secure data 110 and the client device 402.
Fig. 5 is a process flow diagram of a method 500 for a wearable secure data device, in accordance with some embodiments of the present disclosure. The method 500 may be performed by a wearable secure data device, such as the wearable secure data device 108 described with respect to fig. 1.
Referring back to fig. 5, at operation 502, the wearable secure data device 108 may configure an operational mode. In some embodiments of the present disclosure, the operational mode may be configured as an on mode, in which the secure data may be released. Alternatively, the operational mode may be configured as an off mode, in which secure data is not released. The wearable secure data device 108 may configure the operational mode in response to inputs detected by a security sensor, such as sensor 112.
At operation 504, the wearable secure data device 108 may receive a request for access to information from the secure data 110. The request may be received from a client device, such as client device 104. In a network proxy system, the request may include a request from a client device to a content server, such as content server 106. In a client device add-on system, the request may simply be a request for secure data 110.
At operation 506, the wearable secure data device 108 may determine whether the operational mode is on or off. If the operational mode is on, control may flow to operation 508. If the operational mode is off, control may flow to operation 512.
At operation 508, the wearable secure data device 108 may retrieve the requested information from the secure storage (e.g., flash drive 204 as described with respect to fig. 2) of the wearable secure data device 108. Referring back to fig. 5, in operation 508, the wearable secure data device 108 may also decrypt the data read from the flash drive 204.
At operation 510, the wearable secure data device 108 may provide the secure data in a response. The wearable secure data device 108 may encapsulate the decrypted data in a response and provide the response in the manner appropriate to the network system. In a network proxy system, the wearable secure data device 108 may augment the original request from the client device 104 with the requested secure data 110 and forward the request to the content server 106. In a client device add-on system, the wearable secure data device 108 may transmit the requested secure data 110 in a response to the client device 104.
As previously described, if the operational mode is off, control flows to operation 512. At operation 512, the wearable secure data device 108 may provide a close response to the original request. In the off mode, the wearable secure data device 108 may not release the secure data 110.
Thus, in a network proxy system, the wearable secure data device 108 may generate a modified version of the request from the client device 104 to the content server 106. The modified request may include a blank or empty field in place of the requested secure data. Further, the wearable secure data device 108 may send the modified request to the content server 106. In a client device add-on system, the wearable secure data device 108 may provide a close response to the client device 104. Alternatively, the wearable secure data device 108 may not respond to the request for secure data 110.
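The flow of method 500 (operations 502 to 512) in both topologies, as an added Python example that is not code from the patent. The `{{secure:NAME}}` placeholder, the two-tap gesture, the JSON shapes, the method names and the HMAC-based stand-in cipher are all assumptions made for illustration.

```python
import hashlib
import hmac
import json
import os
import re
from enum import Enum

# Hypothetical placeholder a client puts in a form field it wants filled.
PLACEHOLDER = re.compile(r"\{\{secure:([a-z_]+)\}\}")
ON_TAPS = 2  # assumed gesture: exactly two taps switches the device on


class Mode(Enum):
    OFF = "off"  # secure data is never released
    ON = "on"    # secure data may be released


def keystream_xor(key: bytes, nonce: bytes, data: bytes) -> bytes:
    """Stand-in cipher (HMAC-SHA256 keystream) so the example needs only the
    standard library; it gives no integrity. Use AES-GCM or similar in practice."""
    out = bytearray()
    for offset in range(0, len(data), 32):
        pad = hmac.new(key, nonce + offset.to_bytes(4, "big"), hashlib.sha256).digest()
        out.extend(b ^ p for b, p in zip(data[offset:offset + 32], pad))
    return bytes(out)


class SecureDataDevice:
    def __init__(self, key: bytes):
        self._key = key
        self._store = {}      # item name -> (nonce, ciphertext); stands in for the flash drive
        self.mode = Mode.OFF  # fail closed until the owner acts

    def provision(self, name: str, value: str) -> None:
        nonce = os.urandom(12)
        self._store[name] = (nonce, keystream_xor(self._key, nonce, value.encode()))

    def on_sensor_input(self, taps: int) -> Mode:
        """Operation 502: the security sensor sets the operational mode."""
        self.mode = Mode.ON if taps == ON_TAPS else Mode.OFF
        return self.mode

    def _release(self, name: str):
        """Operations 506-508: check the mode, then read and decrypt the item."""
        if self.mode is not Mode.ON or name not in self._store:
            return None
        nonce, ciphertext = self._store[name]
        return keystream_xor(self._key, nonce, ciphertext).decode()

    def handle_addon_request(self, name: str) -> dict:
        """Client device add-on topology: operation 510, or the close response of 512."""
        value = self._release(name)
        if value is None:
            return {"status": "closed"}  # does not reveal whether the item exists
        return {"status": "ok", "item": name, "value": value}

    def handle_proxy_request(self, body: str) -> str:
        """Network proxy topology: fill placeholders when on, blank them when off."""
        fields = json.loads(body)  # assumes the body is a JSON object of form fields
        for field, value in fields.items():
            match = PLACEHOLDER.fullmatch(value) if isinstance(value, str) else None
            if match:
                # Parsing and re-serialising keeps released values correctly escaped.
                fields[field] = self._release(match.group(1)) or ""
        return json.dumps(fields)


if __name__ == "__main__":
    device = SecureDataDevice(os.urandom(32))
    device.provision("email", "owner@example.test")  # constructed sample item
    request = json.dumps({"comment": "hello", "email": "{{secure:email}}"})
    print(device.handle_proxy_request(request))  # off mode: field left blank
    device.on_sensor_input(ON_TAPS)
    print(device.handle_proxy_request(request))  # on mode: field filled in
```

The device starts in the off mode and treats unknown items the same way as a closed device, so neither path leaks stored data or its existence.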
Fig. 6A is a block diagram of an example wearable security data device 600A, according to some embodiments of the present disclosure. As previously mentioned, the structure of the wearable security data device (such as wearable security data device 600A) may vary. The example wearable security data device 600A includes a housing 602A that includes a ring with a holder 604A that may be worn by men, women, and/or children. The holder 604A may be similar to the structure used to hold gems or markers on a ring. In such an embodiment, the holder 604A may include a system on a chip (SOC) 606A. The system-on-chip 606A may include a flash drive, a processor, a sensor, a network interface, a battery, and a connection, such as the flash drive 204, the processor 206, the sensor 208, the network interface 210, the battery 212, and the connector 214 described with respect to fig. 2. In some embodiments, wearable security data device 600A may include a jewel or other decoration on holder 604A above SOC 606A. In some embodiments, connector 214 may be configured within a gemstone.
As previously described, the data owner may place the wearable security data device 600A in an operational mode (on or off) by using the security sensor, for example by tapping the touch sensor multiple times. Further, the wearable security data device 600A may include one or more Light Emitting Diode (LED) lights that illuminate to visually indicate the mode of operation. Thus, each possible color of the LED lamp may represent a different mode of operation. In other embodiments, the operating mode of the wearable security data device 600A may be displayed and controlled on an application running on the client device 104, wherein status and control commands of the operating mode are communicated between the wearable security data device 600A and the client device 104 through an isolated security control communication channel that is physically or logically separate from the communication method used to release the security data 110.
Fig. 6B is a block diagram of an example wearable security data device 600B, in accordance with some embodiments of the present disclosure. The example wearable security data device 600B may be similar to the example wearable security data device 600A, but with a different configuration. For example, the example wearable security data device 600B includes a ring-shaped housing 602B, and a holder 604B that may be used to hold a gemstone or mark on the ring. In such an embodiment, the holder 604B may include a system on a chip (SOC) 606B. The system-on-chip 606B may include a flash drive 204, a processor 206, a sensor 208, a network interface 210, and a battery 212. However, instead of placing the connector 214 on the SOC 606B, the annular housing 602B is configured with a connection 608B. Accordingly, the annular housing 602B may include an electrical connection 610B that provides power to the battery of the SOC 606B.
Fig. 6C is a block diagram of an example wearable security data device 600C in accordance with some embodiments of the present disclosure. The example wearable security data device 600C may be similar to the example wearable security data devices 600A and 600B, but with a different configuration. In the example wearable security data device 600C, the same set of components from the example wearable security data devices 600A, 600B may be distributed at other locations along the annular housing 602C.
For example, the example wearable security data device 600C includes a ring-shaped housing 602C and a retainer 604C that may be used to hold a gemstone or mark on the ring. In such an embodiment, the holder 604C may include a sensor 606C and a processor 608C. Further, housing 602C may also include a flash drive 610C, a network interface 612C, a battery 614C, and a connection 616C. Furthermore, the annular housing 602C may comprise an electrical connection 618C that conducts power from the connection 616C to the battery 614C and from the battery to other electrical components of the wearable security data device 600C.
Fig. 7 is a block diagram of an example wearable security data device 700, in accordance with some embodiments of the present disclosure. As previously mentioned, the structure of the wearable security data device (such as wearable security data device 700) may vary. For example, wearable security data device 700 has a watchband case 702 with a holder 704. The holder 704 may be similar in structure to holding the watch face in the watch band case 702. In such an embodiment, the holder 704 may include a SOC 706, which may include the flash drive 204, the processor 206, the sensor 208, the network interface 210, the battery 212, and the connector 214 described with respect to fig. 2.
The present disclosure may be a system, method, and/or computer program product of any possible level of technical detail integration. The computer program product may include a computer-readable storage medium (or media) having computer-readable program instructions thereon for causing a processor to perform aspects of the disclosure.
The computer readable storage medium may be a tangible device that can retain and store instructions for use by an instruction execution device. The computer readable storage medium may be, for example, but is not limited to, an electronic memory device, a magnetic memory device, an optical memory device, an electromagnetic memory device, a semiconductor memory device, or any suitable combination of the foregoing. A non-exhaustive list of more specific examples of the computer-readable storage medium includes the following: a portable computer diskette, a hard disk, a Random Access Memory (RAM), a read-only memory (ROM), an erasable programmable read-only memory (EPROM or flash memory), a Static Random Access Memory (SRAM), a portable compact disc read-only memory (CD-ROM), a Digital Versatile Disc (DVD), a memory stick, a floppy disk, a mechanical coding device such as a punch card, or a protruding structure in a slot having instructions recorded thereon, and any suitable combination of the foregoing. A computer-readable storage medium as used herein should not be construed as a transitory signal per se, such as a radio wave or other freely propagating electromagnetic wave, an electromagnetic wave propagating through a waveguide or other transmission medium (e.g., optical pulses traveling through a fiber optic cable), or an electrical signal transmitted over a wire.
The computer-readable program instructions described herein may be downloaded from a computer-readable storage medium to a corresponding computing/processing device, or to an external computer or external storage device, via a network (e.g., the internet, a local area network, a wide area network, and/or a wireless network). The network may include copper transmission cables, optical transmission fibers, wireless transmissions, routers, firewalls, switches, gateway computers and/or edge servers. The network adapter card or network interface in each computing/processing device receives computer-readable program instructions from the network and forwards the computer-readable program instructions for storage in a computer-readable storage medium within the respective computing/processing device.
Computer-readable program instructions for carrying out operations of the present disclosure may be assembler instructions, Instruction Set Architecture (ISA) instructions, machine-related instructions, microcode, firmware instructions, state setting data, configuration data for an integrated circuit, or source or object code written in any combination of one or more programming languages, including an object oriented programming language such as Smalltalk, C++ or the like and procedural programming languages, such as the "C" programming language or similar programming languages. The computer-readable program instructions may execute entirely on the user's computer, partly on the user's computer, as a stand-alone software package, partly on the user's computer and partly on a remote computer or entirely on the remote computer or server. In the latter scenario, the remote computer may be connected to the user's computer through any type of network, including a Local Area Network (LAN) or a Wide Area Network (WAN), or the connection may be made to an external computer (for example, through the Internet using an Internet service provider). In some embodiments, an electronic circuit comprising, for example, a programmable logic circuit, a Field Programmable Gate Array (FPGA), or a Programmable Logic Array (PLA), can execute computer-readable program instructions by personalizing the electronic circuit with state information of the computer-readable program instructions in order to perform aspects of the present disclosure.
Aspects of the present disclosure are described herein with reference to flowchart illustrations and/or block diagrams of methods, apparatus (systems) and computer program products according to embodiments of the disclosure. It will be understood that each block of the flowchart illustrations and/or block diagrams, and combinations of blocks in the flowchart illustrations and/or block diagrams, can be implemented by computer-readable program instructions.
These computer-readable program instructions may be provided to a processor of a computer or other programmable data processing apparatus to produce a machine, such that the instructions, which execute via the processor of the computer or other programmable data processing apparatus, create means for implementing the functions/acts specified in the flowchart and/or block diagram block or blocks. These computer-readable program instructions may also be stored in a computer-readable storage medium that can direct a computer, programmable data processing apparatus, and/or other devices to function in a particular manner, such that the computer-readable storage medium having the instructions stored therein comprise an article of manufacture including instructions which implement the function/act specified in the flowchart and/or block diagram block or blocks.
The computer readable program instructions may also be loaded onto a computer, other programmable data processing apparatus, or other devices to cause a series of operational steps to be performed on the computer, other programmable apparatus or other devices to produce a computer implemented process such that the instructions which execute on the computer, other programmable apparatus or other devices implement the functions/acts specified in the flowchart and/or block diagram block or blocks.
The flowchart and block diagrams in the figures illustrate the architecture, functionality, and operation of possible implementations of systems, methods and computer program products according to various embodiments of the present disclosure. In this regard, each block in the flowchart or block diagrams may represent a module, segment, or portion of instructions, which comprises one or more executable instructions for implementing the specified logical function(s). In some alternative implementations, the functions noted in the block may occur out of the order noted in the figures. For example, two blocks shown in succession may, in fact, be executed at the same time, substantially concurrently, or in a partially or fully time-overlapping manner, or the blocks may sometimes be executed in the reverse order, depending upon the functionality involved. It will also be noted that each block of the block diagrams and/or flowchart illustration, and combinations of blocks in the block diagrams and/or flowchart illustration, can be implemented by special purpose hardware-based systems which perform the specified functions or acts, or combinations of special purpose hardware and computer instructions.

Claims (16)

1. A computer-implemented method for a secure data device, comprising:
setting an operating mode for the secure data device storing a plurality of secure data items;
receiving a request for at least one of the secure data items from a client device in communication with a third party device;
determining whether the mode of operation is associated with allowing access to the secure data item; and
providing a response based on the determination.
2. The method of claim 1, wherein:
the mode of operation is associated with allowing access to the secure data item; and
providing the response comprises:
retrieving the at least one secure data item from secure storage of the secure data device;
decrypting the at least one secure data item; and
generating the response including the at least one secure data item.
3. The method of any preceding claim, wherein:
the mode of operation is not associated with allowing access to the secure data item; and
providing the response comprises generating a close response that does not include the at least one secure data item.
4. The method of any preceding claim, wherein the operational mode of the secure data device is set in response to use of a sensor of the secure data device.
5. The method of any preceding claim, further comprising illuminating the secure data device based on the mode of operation.
6. The method of any preceding claim, wherein the request for the at least one secure data item comprises a request from the client device to the third party device.
7. The method of claim 6, wherein providing the response comprises modifying the request such that the request includes the at least one secure data item.
8. A system for a secure data device, the system comprising:
a communication interface;
a security sensor;
computer processing circuitry;
a portable housing enclosing the communication interface, the security sensor, and at least a portion of the computer processing circuitry; and
a computer-readable storage medium storing instructions that, when executed by the computer processing circuitry, are configured to cause the computer processing circuitry to perform a method comprising:
setting an operating mode for a secure data device storing a plurality of secure data items;
receiving a request for at least one of the secure data items from a client device in communication with a third party device;
determining whether the mode of operation is associated with allowing access to the secure data item; and
providing a response based on the determination, wherein:
the mode of operation is not associated with allowing access to the secure data item; and
providing the response comprises generating a close response that does not include the at least one secure data item.
9. The system of claim 8, wherein:
the mode of operation is associated with allowing access to the secure data item; and
providing the response comprises:
retrieving the at least one secure data item from secure storage of the secure data device;
decrypting the at least one secure data item; and
generating the response including the at least one secure data item.
10. The system of claim 8 or 9, wherein the operational mode of the secure data device is set in response to use of the security sensor of the secure data device.
11. The system of any one of claims 8 to 10, further comprising illuminating the secure data device based on the mode of operation.
12. The system of any of claims 8 to 11, wherein the request for the at least one secure data item comprises a request from the client device to the third party device.
13. The system of claim 12, wherein providing the response comprises modifying the request such that the request includes the at least one secure data item.
14. The system of any one of claims 8 to 13, wherein the security sensor is selected from the group consisting of a touch sensor, a button, a biometric sensor, a switch, and a microphone.
15. A computer program product for a secure data device, the computer program product comprising:
a computer readable storage medium readable by a processing circuit and storing instructions for execution by the processing circuit for performing the method of any of claims 1-7.
16. A computer program stored on a computer readable medium and loadable into the internal memory of a digital computer, comprising software code portions, when said program is run on a computer, for performing the method of any of claims 1 to 7.
CN202080077356.9A 2019-11-12 2020-11-09 Wearable secure data device Pending CN114642015A (en)

Applications Claiming Priority (3)

Application Number Priority Date Filing Date Title
US16/680,762 US11874700B2 (en) 2019-11-12 2019-11-12 Wearable secure data device
US16/680,762 2019-11-12
PCT/IB2020/060523 WO2021094895A1 (en) 2019-11-12 2020-11-09 Wearable secure data device

Publications (1)

Publication Number Publication Date
CN114642015A true CN114642015A (en) 2022-06-17

Family

ID=75847459

Family Applications (1)

Application Number Title Priority Date Filing Date
CN202080077356.9A Pending CN114642015A (en) 2019-11-12 2020-11-09 Wearable secure data device

Country Status (6)

Country Link
US (1) US11874700B2 (en)
JP (1) JP2023501450A (en)
CN (1) CN114642015A (en)
DE (1) DE112020004750T5 (en)
GB (1) GB2604818B (en)
WO (1) WO2021094895A1 (en)

Also Published As

Publication number Publication date
GB202207639D0 (en) 2022-07-06
GB2604818A (en) 2022-09-14
US20210141414A1 (en) 2021-05-13
DE112020004750T5 (en) 2022-06-30
GB2604818B (en) 2023-10-11
JP2023501450A (en) 2023-01-18
US11874700B2 (en) 2024-01-16
WO2021094895A1 (en) 2021-05-20

Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination